feat: Custom BackendRef for Primary and Canary Services

[kahirokunn]

Description

This PR adds support for custom backend references in Flagger's primary and canary services. This enhancement allows users to specify different routing configurations and intermediate services for primary and canary traffic, enabling more complex deployment patterns and better integration with existing infrastructure.

Key Changes

• Added BackendRef field
• Updated Gateway API router to support custom backend references
• Modified service reconciliation logic to handle custom backend configurations
• Added support for service-specific filters
• Maintained backward compatibility with existing configurations

Use Cases

This feature enables several important scenarios:

1. Routing through security proxies
2. Adding service-specific monitoring
3. Implementing different circuit breaker configurations
4. Supporting complex mesh architectures
5. Applying different filtering rules for primary and canary traffic

Example Configuration

apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
  name: my-app
spec:
  service:
    primary:
      backendRef:
        name: primary-proxy
        namespace: monitoring
        filters:
          - type: RequestHeaderModifier
            requestHeaderModifier:
              set:
                - name: x-route
                  value: primary
    canary:
      backendRef:
        name: canary-proxy
        namespace: monitoring
        filters:
          - type: RequestHeaderModifier
            requestHeaderModifier:
              set:
                - name: x-route
                  value: canary

Breaking Changes

None. This is a backward-compatible change that maintains existing behavior when custom backend references are not specified.

Issue

#1741

[stefanprodan]

The creation of ReferenceGrant is only triggered if an HTTPRoute is configured to route traffic to a Service in a different namespace.

This is never the case for Flagger Canaries, the Kubernetes Services and the HTTPRoutes are always in the same namespace, next to the Kubernetes Deployment.

[kahirokunn]

@stefanprodan
Thank you for your feedback. I apologize for the confusion in the previous PR content.

I have updated the PR to introduce Custom BackendRef for Primary and Canary Services. This enhancement allows referencing services in different namespaces, and as a result, ReferenceGrants are now automatically created.

With these changes, Flagger's Gateway API integration is significantly strengthened, enabling support for numerous use cases such as:

1. Routing through security proxies
2. Adding service-specific monitoring
3. Implementing different circuit breaker configurations
4. Supporting complex mesh architectures
5. Applying different filtering rules for primary and canary traffic

I believe these improvements will greatly enhance the flexibility and integration capabilities of Flagger. I appreciate your look forward to your continued feedback.

Best regards,
kahirokunn

[stefanprodan]

This enhancement allows referencing services in different namespaces

We can't allow this in a Flagger canary, the Kubernetes Services managed by Flagger are always in the same namespace as the HTTPRoutes.

[kahirokunn]

@stefanprodan
Thank you for the clarification regarding namespace constraints. I apologize for any confusion in my previous explanation.

To clarify my intention: This PR aims to enable HTTPRoute's backendRefs to point to Kubernetes Services that are not managed by Flagger, while keeping Flagger-managed services within the same namespace as the HTTPRoutes.

The current implementation in the PR (03acf7a) is still a work in progress, but the goal is to provide more flexibility in routing configurations while maintaining Flagger's core functionality and namespace constraints.

I'm happy to adjust the implementation based on your guidance.

Best regards,
kahirokunn

[kahirokunn]

move to #1742